Turn off Data Execution Prevention for Explorer
|ID: oval:org.secpod.oval:def:40329||Date: (C)2017-04-25 (M)2018-11-15|
|Class: COMPLIANCE||Family: windows|
Disabling data execution prevention can allow certain legacy plug-in applications to function without terminating Explorer.
Data Execution Prevention is an important security feature supported by Explorer that helps to limit the impact of certain types of malware.
We recommend that you disable this policy setting unless you have to support legacy business applications that do not support it.
Enabling this policy setting may allow certain legacy plug-in applications to function. Disabling this policy setting will ensure that Data Execution Prevention blocks certain types of malware from exploiting Explorer.
(1) GPO: Computer Configuration\Administrative Templates\Windows Components\File Explorer\Turn off Data Execution Prevention for Explorer
(2) REG: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Explorer!NoDataExecutionPrevention
|Microsoft Windows Server 2016|